Canada’s Privacy Commissioner Jennifer Stoddart, who was re-appointed last month for a second, three-year term, says the Personal Information Protection of Electronic Documents Act is up for review this year and she’s increasingly concerned that Canadian privacy legislation in the private sector is lagging behind developments in other democratic countries. She says she has a lot of work to do.
Ms. Stoddart has led the office since 2003 when she took over from former privacy commissioner George Radwanski who left under a cloud over his spending and Auditor General Sheila Fraser called his tenure a “reign of terror.”
When Ms. Stoddart was nominated for re-appointment by Prime Minister Stephen Harper in late November, he said she brought “considerable expertise” and “a deep understanding of the importance of open and transparent government.”
As the officer of Parliament responsible for protecting Canadians’ personal information from undue prying, during her first term Ms. Stoddart has taken on corporate giants including Google, Facebook, and the aviation industry.
She has also been unafraid to find wrongdoing by the government, such as the recent case of Sean Bruyea. The former Canadian intelligence officer and veterans’ advocate whose confidential medical files had been passed around to hundreds of federal bureaucrats in an effort to discredit his public battle for better compensation for disabled soldiers. In that case, Ms. Stoddart ruled that the handling of his information by Veterans’ Affairs Canada was “entirely inappropriate.” Mr. Bruyea sued the federal government for $400,000 and the case was quickly settled.
The Office of the Privacy Commissioner has a budget of $23.2-million for 2010-2011, according to its most recent report on plans and priorities and has a staff of around 120 people, as listed in the Government’s Electronic Directory.
When Ms. Stoddart spoke with The Hill Times in early December, she said she still has a lot of work to do. The Q&A was edited for length and style.
How did you feel when you were first approached to be re-appointed?
“There were things clearly that I wanted to do. I think that I had unfinished business, and I’ve always expressed fairly openly the fact that a big part of my first term was used in housekeeping affairs. That wasn’t really what you have a privacy commissioner for, but it was the only way to move forward. So I was very happy that I had been extended. I look forward to an intense next three years.”
In terms of housekeeping and staff retention, all the problems that you encountered when you entered your office, these are problems now that are in the office of the Public Sector Integrity Commissioner. In your experience, what’s the first step for the incoming commissioner to start rebuilding the department?
“It sounds like the work atmosphere is important like it was here when I came in late 2003. You have to reassure employees on two things: of the integrity of the mandate that you’re administering, and secondly about having a healthy working environment, that’s respectful of its employees, and that was something we had to do here too.”
You said you have many things you want to do next term. Do you have any particular focuses?
“Yes I have a couple of things. First of all we’ve got some priority action issues that we want to follow up on, particular themes within the broader scope of privacy. One of them is national security. Obviously this is a huge ongoing security for us, there’s bills 51 and 52 [the Investigative Powers for the 21st Century Act, and the Investigating and Preventing Criminal Electronic Communications Act] that are now before Parliament. We’ll probably have a lot to say about those bills, there’s just no end of, it seems, national security threats that call for responses that involve Canadians’ privacy and the collection of personal information. That’s a big file for us.
“We also look at something called identity management, which is basically how we, as individuals, deal with the need to identify ourselves in different ways, particularly with the rise of internet 2.0, but also with the emergence of new technologies such as biometrics, which are used increasingly in public and private security issues.
“We want to look at the implications of genetic technology for privacy, individual and group privacy, and what that’s going to mean in terms of ethical choices.
“Our fourth is following the impact of new technologies in general, so that can be the Google street views, the social networking, the mobile technology, and so on. We want to also put the emphasis on our communications and public education outreach program so that Canadians have the information to make informed privacy choices.
“Finally, I’d like to focus on service delivery for Canadians; that is, making sure that, to the extent possible, they get a realistic, rapid, response from us, and they get some kind of remedy that’s appropriate for privacy breaches they may suffer. That takes us into PIPEDA review—PIPEDA is the ‘Personal Information Protection of Electronic Documents Act’— that’s our legislation. It’s up for review next year and I’m increasingly concerned that Canadian privacy legislation in the private sector is lagging behind developments in other democratic countries. So we’d like to raise issues for discussion about how that law works next year.”
You touched on Google, Facebook. You’ve had some high-profile cases, but is there one thing you are particularly proud of?
“Yes, I’m proud of all the very talented people who we recruited into the office. It was a struggle at the beginning, because you know this office had been in such a meltdown that talented people wondered about the risks they would take. I think that now that we’re a cohesive, functional unit with, I think, a fairly good working atmosphere, we’re attracting a lot of talented, insightful, energetic people, and they’re just contributing so much to thinking about privacy in Canada. So I’m very proud of having them on the staff, and the contributions they make individually.”
Auditor General Sheila Fraser mentioned in her review of the Integrity Commissioner’s Office that she would be referring a specific case of a breach of privacy to you. Will you be investigating it?
“I don’t know, I saw some mention that there seemed to be violations of the Privacy Act, but I don’t know what further investigation by my office could do at this point. So, if complainants come forward and want further investigation by my office then we’ll look at that, but the fact remains that under the Privacy Act, there are no remedies for the complainants, there are no possibilities of damages if you feel you are being harassed or mistreated or your privacy has been mistreated. I can’t, under the present Privacy Act, get any sort of remedy or resolution for those people.”
And that’s something you’d like to see changed?
“For a good part of my mandate, I worked on the reform of the Privacy Act, and pointed out that people who believe they have been damaged by government actions who have suffered losses of privacy and felt they had been humiliated, had no way of getting any kind of remedy through that route. You can only ask that your file be made open to you, that’s the only thing that you can go to Federal Court for, so it’s a law that is pretty inadequate in terms of dealing with privacy losses.
“I put it before my committee, the committee agreed with I think a majority of the suggestions that I’d made, but the government did not feel it was the time to move on this.”
You have been singled out as one of the most effective officers of parliament. What do you think that you bring to your job that allows you to do it so effectively?
“A long experience of working at arm’s-length agencies, by choice. A lot of experience working for very principled, talented, leaders, so I have lots of good role models. I like working in teams, so I can recruit and make space for a lot of talented individuals. That strengthens an office when it’s not just an office, when it’s not just one person. Many of the officers of parliament have huge offices, you have to have teams and work with them.”
The public perception is that a lot of the times, it’s the character of the Parliamentary officer that determines how successful the office is in its mandate. Do you believe that, or are the offices greater than any one person?
“It depends how big the office it. Some offices are, I think, a hundred years old, like the Office of the Auditor General, or the director of elections. It depends on the size and the history of the office, but still the officer of Parliament is the public face, she or he is also the executive officer of all these agencies. So what happened here in 2002-2003, and what happened at the office of the Integrity Commissioner, show that yes the leadership does have its importance. I think that’s particularly true for small offices and offices like the Integrity Commissioner that are start-ups, there were only 20 or so employees there. All small offices are possibly vulnerable to management challenges.”
Going into your next term, are there any particular issues that you think Canadians aren’t enough aware of, in terms of protecting their privacy?
“Oh, there are a whole series of privacy issues they need to be more aware of. I think our challenge is getting it out to them. Certainly we’re really concerned about privacy information for young people, to help them to make wise decisions. It because they’re really involved in risky privacy decisions, like putting their whole life on a social networking site. So we’re going to do a lot of work with school boards, school commissions, and getting information out there, through people who are credible, that young people can use.”
The Hill Times